From 75fe22097072e3147173467171012e52bb25620c Mon Sep 17 00:00:00 2001
From: Thomas Rittson
Date: Thu, 31 Aug 2023 15:19:31 +1000
Subject: [PATCH] Block MSPs from creating orgs with SM
---
 .../AddSecretsManagerSubscriptionCommand.cs | 19 +++++++++++++---
 ...dSecretsManagerSubscriptionCommandTests.cs | 22 +++++++++++++++++++
 2 files changed, 38 insertions(+), 3 deletions(-)
diff --git a/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs b/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs
index 3741148af..52136bd1b 100644
--- a/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs
+++ b/src/Core/OrganizationFeatures/OrganizationSubscriptions/AddSecretsManagerSubscriptionCommand.cs
@@ -1,8 +1,10 @@
 using Bit.Core.Entities;
 using Bit.Core.Enums;
+using Bit.Core.Enums.Provider;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions.Interface;
+using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 
@@ -12,17 +14,21 @@ public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscripti
 {
 private readonly IPaymentService _paymentService;
 private readonly IOrganizationService _organizationService;
+ private readonly IProviderRepository _providerRepository;
+
 public AddSecretsManagerSubscriptionCommand(
 IPaymentService paymentService,
- IOrganizationService organizationService)
+ IOrganizationService organizationService,
+ IProviderRepository providerRepository)
 {
 _paymentService = paymentService;
 _organizationService = organizationService;
+ _providerRepository = providerRepository;
 }
 public async Task SignUpAsync(Organization organization, int additionalSmSeats, int additionalServiceAccounts)
 {
- ValidateOrganization(organization);
+ await ValidateOrganization(organization);
 var plan = StaticStore.GetSecretsManagerPlan(organization.PlanType);
 var signup = SetOrganizationUpgrade(organization, additionalSmSeats, additionalServiceAccounts);
@@ -55,7 +61,7 @@ public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscripti
 return signup;
 }
- private static void ValidateOrganization(Organization organization)
+ private async Task ValidateOrganization(Organization organization)
 {
 if (organization == null)
 {
@@ -83,5 +89,12 @@ public class AddSecretsManagerSubscriptionCommand : IAddSecretsManagerSubscripti
 {
 throw new BadRequestException("No subscription found.");
 }
+
+ var provider = await _providerRepository.GetByOrganizationIdAsync(organization.Id);
+ if (provider is { Type: ProviderType.Msp })
+ {
+ throw new BadRequestException(
+ "Organizations with a Managed Service Provider do not support Secrets Manager.");
+ }
 }
 }
diff --git a/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs b/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs
index a09500cf6..ec83fa102 100644
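Review bot: `ValidateOrganization` now returns a `Task` and is awaited in `SignUpAsync`, but it keeps its synchronous name while every other awaited member visible here (`SignUpAsync`, `GetByOrganizationIdAsync`) carries the `Async` suffix. Rename it at the call site in this hunk, `await ValidateOrganizationAsync(organization);`, and at the declaration in the `@@ -55,7 +61,7 @@` hunk, `private async Task ValidateOrganizationAsync(Organization organization)`. A forgotten `await` on a validator silently skips every check, so the suffix is worth having as a visual cue. A `/// <summary>` on the method stating that it throws when the organization is missing, is not eligible for Secrets Manager, or is managed by an MSP would also help; the method body starts and ends outside these two hunks.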
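Review bot: The MSP restriction added at the end of the validator in the `@@ -83,5 +89,12 @@` hunk is enforced only on this command's `SignUpAsync` path, so any other code that enables Secrets Manager for an organization would not be covered by it. The commit subject speaks of creating orgs with SM, but no creation or provider-linking path is part of this patch, so it is worth confirming that those paths apply the same rule or moving the check into a validator they share. The `provider is { Type: ProviderType.Msp }` pattern correctly treats a null result as "not provider-managed", which deserves a comment above the lookup, for example `// A null provider means the org is unmanaged; only MSP-managed orgs are blocked from enabling Secrets Manager.` The enclosing method begins outside the hunk, so the ordering relative to the earlier checks is inferred from the visible tail only.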
--- a/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs
+++ b/test/Core.Test/OrganizationFeatures/OrganizationSubscriptionUpdate/AddSecretsManagerSubscriptionCommandTests.cs
@@ -1,9 +1,12 @@
 using Bit.Core.Entities;
+using Bit.Core.Entities.Provider;
 using Bit.Core.Enums;
+using Bit.Core.Enums.Provider;
 using Bit.Core.Exceptions;
 using Bit.Core.Models.Business;
 using Bit.Core.Models.StaticStore;
 using Bit.Core.OrganizationFeatures.OrganizationSubscriptions;
+using Bit.Core.Repositories;
 using Bit.Core.Services;
 using Bit.Core.Utilities;
 using Bit.Test.Common.AutoFixture;
@@ -127,6 +130,25 @@ public class AddSecretsManagerSubscriptionCommandTests
 await VerifyDependencyNotCalledAsync(sutProvider);
 }
+ [Theory]
+ [BitAutoData]
+ public async Task SignUpAsync_ThrowsException_WhenOrganizationIsManagedByMSP(
+ SutProvider sutProvider,
+ Organization organization,
+ Provider provider)
+ {
+ organization.UseSecretsManager = false;
+ organization.SecretsManagerBeta = false;
+ provider.Type = ProviderType.Msp;
+ sutProvider.GetDependency().GetByOrganizationIdAsync(organization.Id).Returns(provider);
+
+ var exception = await Assert.ThrowsAsync(
+ () => sutProvider.Sut.SignUpAsync(organization, 10, 10));
+
+ Assert.Contains("Organizations with a Managed Service Provider do not support Secrets Manager.", exception.Message);
+ await VerifyDependencyNotCalledAsync(sutProvider);
+ }
+
 private static async Task VerifyDependencyNotCalledAsync(SutProvider sutProvider)
 {
 await sutProvider.GetDependency().DidNotReceive()
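Review bot: The new test `SignUpAsync_ThrowsException_WhenOrganizationIsManagedByMSP` leaves `organization.PlanType` to the auto-generated fixture, while the MSP check runs last in the validator. If an earlier check rejects the generated plan (those checks are outside this patch, so this is inferred), the `Assert.Contains` on the MSP message would fail intermittently. Pinning the plan, e.g. `organization.PlanType = PlanType.EnterpriseAnnually;`, keeps the test deterministic. The patch also covers only the blocking case: a companion test where `GetByOrganizationIdAsync` returns a provider of a non-MSP type, or null, and sign-up proceeds would pin the rule from both sides so a later refactor cannot widen or drop it unnoticed. The helper `VerifyDependencyNotCalledAsync` continues past the end of the hunk.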